Dark Reading

Hugging Face Packages Weaponized With a Single File Tweak

A tokenizer library file present in Hugging Face AI models can be manipulated to hijack the model's outputs and exfiltrate ...
Threat Post

Critical Vulnerabilities Affect JSON Web Token Libraries

Critical vulnerabilities exist in several JSON Web Token (JWT) libraries – namely the JavaScript and PHP versions – that could let an attacker bypass the verification step. Critical vulnerabilities ...
SecurityWeek

Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking

Claude Code vulnerability allows attackers to intercept OAuth tokens, enabling access to connected SaaS platforms and ...
Morning Overview on MSN

The 'mini Shai-Hulud' attack hides inside AI coding agent configs — the first supply chain attack to weaponize Claude Code and VS Code as persistence vectors

On April 29, 2026, someone slipped malicious code into four widely used SAP software packages. Within days, the infection had ...

Claude Code MCP Beginner’s Guide to Automate Workflows

Learn how to set up Model Context Protocol (MCP) to transform Claude Code into an AI agent capable of web automation and database management.